Version Description
- The site connection settings are now applied automatically and therefore have been removed from the admin interface.
- Now compatible with PHP 5.2 to support some older WP installations.
Download this release
Release Info
Developer | wpchefgadget |
Plugin | Limit Login Attempts Reloaded |
Version | 2.1.0 |
Comparing to | |
See all releases |
Code changes from version 2.0.0 to 2.1.0
- core/Helpers.php +2 -5
- core/LimitLoginAttempts.php +27 -49
- core/Logger.php +3 -5
- core/autoload.php +0 -21
- limit-login-attempts-reloaded.php +9 -5
- readme.txt +6 -2
- views/options-page.php +10 -38
core/Helpers.php
CHANGED
@@ -1,12 +1,9 @@
|
|
1 |
<?php
|
2 |
|
3 |
-
namespace LLA\Core;
|
4 |
-
|
5 |
/**
|
6 |
-
* Class
|
7 |
-
* @package LLA\Core
|
8 |
*/
|
9 |
-
class
|
10 |
|
11 |
/**
|
12 |
* @param string $msg
|
1 |
<?php
|
2 |
|
|
|
|
|
3 |
/**
|
4 |
+
* Class LLA_Helpers
|
|
|
5 |
*/
|
6 |
+
class LLA_Helpers {
|
7 |
|
8 |
/**
|
9 |
* @param string $msg
|
core/LimitLoginAttempts.php
CHANGED
@@ -1,12 +1,9 @@
|
|
1 |
<?php
|
2 |
|
3 |
-
namespace LLA\Core;
|
4 |
-
|
5 |
/**
|
6 |
-
* Class
|
7 |
-
* @package LLA\Core
|
8 |
*/
|
9 |
-
class
|
10 |
|
11 |
/**
|
12 |
* Main plugin options
|
@@ -596,9 +593,9 @@ class LimitLoginAttempts {
|
|
596 |
*
|
597 |
* @param $user
|
598 |
*/
|
599 |
-
public function notify_log( $
|
600 |
|
601 |
-
if( ! $
|
602 |
return;
|
603 |
}
|
604 |
|
@@ -610,20 +607,30 @@ class LimitLoginAttempts {
|
|
610 |
|
611 |
/* can be written much simpler, if you do not mind php warnings */
|
612 |
if( isset( $log[ $ip ] ) ) {
|
613 |
-
if( isset( $log[ $ip ][ $
|
614 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
615 |
} else {
|
616 |
-
$log[ $ip ][ $
|
|
|
|
|
617 |
}
|
618 |
} else {
|
619 |
$log[ $ip ] = array(
|
620 |
-
$
|
621 |
'counter' => 1
|
622 |
)
|
623 |
);
|
624 |
}
|
625 |
|
626 |
-
$log[ $ip ][ $
|
627 |
|
628 |
if( $option === false ) {
|
629 |
add_option( 'limit_login_logged', $log, '', 'no' ); /* no autoload */
|
@@ -632,15 +639,6 @@ class LimitLoginAttempts {
|
|
632 |
}
|
633 |
}
|
634 |
|
635 |
-
/**
|
636 |
-
* Make a guess if we are behind a proxy or not
|
637 |
-
*
|
638 |
-
* @return string
|
639 |
-
*/
|
640 |
-
public function guess_proxy() {
|
641 |
-
return isset( $_SERVER[ LLA_PROXY_ADDR ] ) ? LLA_PROXY_ADDR : LLA_DIRECT_ADDR;
|
642 |
-
}
|
643 |
-
|
644 |
/**
|
645 |
* Check if IP is whitelisted.
|
646 |
*
|
@@ -683,7 +681,7 @@ class LimitLoginAttempts {
|
|
683 |
global $limit_login_my_error_shown;
|
684 |
$limit_login_my_error_shown = true;
|
685 |
|
686 |
-
$error = new
|
687 |
// This error should be the same as in "shake it" filter below
|
688 |
$error->add( 'too_many_retries', $this->error_msg() );
|
689 |
|
@@ -899,34 +897,14 @@ class LimitLoginAttempts {
|
|
899 |
* @return string
|
900 |
*/
|
901 |
public function get_address( $type_name = '' ) {
|
902 |
-
$type = $type_name;
|
903 |
-
if( empty( $type ) ) {
|
904 |
-
$type = $this->get_option( 'client_type' );
|
905 |
-
}
|
906 |
|
907 |
-
if( isset( $_SERVER[ $
|
908 |
-
return $_SERVER[
|
909 |
-
}
|
910 |
-
|
911 |
-
|
912 |
-
|
913 |
-
* If so, try to fall back to direct address.
|
914 |
-
*/
|
915 |
-
if( empty( $type_name ) && $type == LLA_PROXY_ADDR && isset( $_SERVER[ LLA_DIRECT_ADDR ] ) ) {
|
916 |
-
|
917 |
-
/*
|
918 |
-
* NOTE: Even though we fall back to direct address -- meaning you
|
919 |
-
* can get a mostly working plugin when set to PROXY mode while in
|
920 |
-
* fact directly connected to Internet it is not safe!
|
921 |
-
*
|
922 |
-
* Client can itself send HTTP_X_FORWARDED_FOR header fooling us
|
923 |
-
* regarding which IP should be banned.
|
924 |
-
*/
|
925 |
-
|
926 |
-
return $_SERVER[ LLA_DIRECT_ADDR ];
|
927 |
}
|
928 |
-
|
929 |
-
return '';
|
930 |
}
|
931 |
|
932 |
/**
|
@@ -989,7 +967,7 @@ class LimitLoginAttempts {
|
|
989 |
* @param $msg
|
990 |
*/
|
991 |
public function show_error( $msg ) {
|
992 |
-
|
993 |
}
|
994 |
|
995 |
}
|
1 |
<?php
|
2 |
|
|
|
|
|
3 |
/**
|
4 |
+
* Class Limit_Login_Attempts
|
|
|
5 |
*/
|
6 |
+
class Limit_Login_Attempts {
|
7 |
|
8 |
/**
|
9 |
* Main plugin options
|
593 |
*
|
594 |
* @param $user
|
595 |
*/
|
596 |
+
public function notify_log( $user_login ) {
|
597 |
|
598 |
+
if( ! $user_login ) {
|
599 |
return;
|
600 |
}
|
601 |
|
607 |
|
608 |
/* can be written much simpler, if you do not mind php warnings */
|
609 |
if( isset( $log[ $ip ] ) ) {
|
610 |
+
if( isset( $log[ $ip ][ $user_login ] ) ) {
|
611 |
+
|
612 |
+
if( is_array( $log[ $ip ][ $user_login ] ) ) { // For new plugin version
|
613 |
+
$log[ $ip ][ $user_login ]['counter'] += 1;
|
614 |
+
} else { // For old plugin version
|
615 |
+
$temp_counter = $log[ $ip ][ $user_login ];
|
616 |
+
$log[ $ip ][ $user_login ] = array(
|
617 |
+
'counter' => $temp_counter + 1
|
618 |
+
);
|
619 |
+
}
|
620 |
} else {
|
621 |
+
$log[ $ip ][ $user_login ] = array(
|
622 |
+
'counter' => 1
|
623 |
+
);
|
624 |
}
|
625 |
} else {
|
626 |
$log[ $ip ] = array(
|
627 |
+
$user_login => array(
|
628 |
'counter' => 1
|
629 |
)
|
630 |
);
|
631 |
}
|
632 |
|
633 |
+
$log[ $ip ][ $user_login ]['date'] = time();
|
634 |
|
635 |
if( $option === false ) {
|
636 |
add_option( 'limit_login_logged', $log, '', 'no' ); /* no autoload */
|
639 |
}
|
640 |
}
|
641 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
642 |
/**
|
643 |
* Check if IP is whitelisted.
|
644 |
*
|
681 |
global $limit_login_my_error_shown;
|
682 |
$limit_login_my_error_shown = true;
|
683 |
|
684 |
+
$error = new WP_Error();
|
685 |
// This error should be the same as in "shake it" filter below
|
686 |
$error->add( 'too_many_retries', $this->error_msg() );
|
687 |
|
897 |
* @return string
|
898 |
*/
|
899 |
public function get_address( $type_name = '' ) {
|
|
|
|
|
|
|
|
|
900 |
|
901 |
+
if( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
|
902 |
+
return $_SERVER['HTTP_X_FORWARDED_FOR'];
|
903 |
+
} elseif( isset( $_SERVER['REMOTE_ADDR'] ) ) {
|
904 |
+
return $_SERVER['REMOTE_ADDR'];
|
905 |
+
} else {
|
906 |
+
return '';
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
907 |
}
|
|
|
|
|
908 |
}
|
909 |
|
910 |
/**
|
967 |
* @param $msg
|
968 |
*/
|
969 |
public function show_error( $msg ) {
|
970 |
+
LLA_Helpers::show_error( $msg );
|
971 |
}
|
972 |
|
973 |
}
|
core/Logger.php
CHANGED
@@ -1,18 +1,16 @@
|
|
1 |
<?php
|
2 |
|
3 |
-
namespace LLA\Core;
|
4 |
-
|
5 |
/**
|
6 |
-
* Class
|
7 |
-
* @package LLA\Core
|
8 |
*/
|
9 |
-
class
|
10 |
|
11 |
private static $_log_file_name = 'log.txt';
|
12 |
|
13 |
/**
|
14 |
* TODO
|
15 |
* @param $msg
|
|
|
16 |
*/
|
17 |
public static function add_log( $msg ) {
|
18 |
if( ! $msg ) {
|
1 |
<?php
|
2 |
|
|
|
|
|
3 |
/**
|
4 |
+
* Class LLA_Logger
|
|
|
5 |
*/
|
6 |
+
class LLA_Logger {
|
7 |
|
8 |
private static $_log_file_name = 'log.txt';
|
9 |
|
10 |
/**
|
11 |
* TODO
|
12 |
* @param $msg
|
13 |
+
* @return int|void
|
14 |
*/
|
15 |
public static function add_log( $msg ) {
|
16 |
if( ! $msg ) {
|
core/autoload.php
DELETED
@@ -1,21 +0,0 @@
|
|
1 |
-
<?php
|
2 |
-
|
3 |
-
namespace LLA;
|
4 |
-
|
5 |
-
spl_autoload_register( function ( $class ) {
|
6 |
-
|
7 |
-
if( substr( $class, 0, 3 ) !== __NAMESPACE__ ) {
|
8 |
-
return;
|
9 |
-
}
|
10 |
-
|
11 |
-
$class = str_replace( __NAMESPACE__ . '\\', '', $class );
|
12 |
-
$class = str_replace( '\\', DIRECTORY_SEPARATOR, $class );
|
13 |
-
$class_path = strtolower( substr( $class, 0, strrpos( $class, DIRECTORY_SEPARATOR ) ) );
|
14 |
-
$class_name = substr( $class, strrpos( $class, DIRECTORY_SEPARATOR ) + 1 );
|
15 |
-
$class_file = LLA_PLUGIN_DIR . $class_path . DIRECTORY_SEPARATOR . $class_name . '.php';
|
16 |
-
|
17 |
-
if( file_exists( $class_file ) ) {
|
18 |
-
include( $class_file );
|
19 |
-
}
|
20 |
-
|
21 |
-
} );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
limit-login-attempts-reloaded.php
CHANGED
@@ -2,9 +2,9 @@
|
|
2 |
/*
|
3 |
Plugin Name: Limit Login Attempts Reloaded
|
4 |
Description: Limit the rate of login attempts, including by way of cookies and for each IP address.
|
5 |
-
Author:
|
6 |
Text Domain: limit-login-attempts-reloaded
|
7 |
-
Version: 2.
|
8 |
|
9 |
Copyright 2008 - 2012 Johan Eenfeldt
|
10 |
|
@@ -30,7 +30,11 @@ $limit_login_my_error_shown = false; /* have we shown our stuff? */
|
|
30 |
$limit_login_just_lockedout = false; /* started this pageload??? */
|
31 |
$limit_login_nonempty_credentials = false; /* user and pwd nonempty */
|
32 |
|
33 |
-
|
34 |
-
|
35 |
-
|
|
|
|
|
|
|
36 |
|
|
2 |
/*
|
3 |
Plugin Name: Limit Login Attempts Reloaded
|
4 |
Description: Limit the rate of login attempts, including by way of cookies and for each IP address.
|
5 |
+
Author: wpchefgadget
|
6 |
Text Domain: limit-login-attempts-reloaded
|
7 |
+
Version: 2.1.0
|
8 |
|
9 |
Copyright 2008 - 2012 Johan Eenfeldt
|
10 |
|
30 |
$limit_login_just_lockedout = false; /* started this pageload??? */
|
31 |
$limit_login_nonempty_credentials = false; /* user and pwd nonempty */
|
32 |
|
33 |
+
/***************************************************************************************
|
34 |
+
* Include files
|
35 |
+
**************************************************************************************/
|
36 |
+
require_once( LLA_PLUGIN_DIR . '/core/Helpers.php' );
|
37 |
+
require_once( LLA_PLUGIN_DIR . '/core/Logger.php' );
|
38 |
+
require_once( LLA_PLUGIN_DIR . '/core/LimitLoginAttempts.php' );
|
39 |
|
40 |
+
$limit_login_attempts_obj = new Limit_Login_Attempts();
|
readme.txt
CHANGED
@@ -2,8 +2,8 @@
|
|
2 |
Contributors: wpchefgadget
|
3 |
Tags: login, security, authentication, Limit Login Attempts, Limit Login Attempts Reloaded, Limit Login Attempts Revamped, Limit Login Attempts Renovated, Limit Login Attempts Updated, Better Limit Login Attempts, Limit Login Attempts Renewed, Limit Login Attempts Upgraded
|
4 |
Requires at least: 2.8
|
5 |
-
Tested up to: 4.
|
6 |
-
Stable tag: 2.
|
7 |
|
8 |
Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers.
|
9 |
|
@@ -46,6 +46,10 @@ Based on the original code from Limit Login Attemps plugin by Johan Eenfeldt.
|
|
46 |
|
47 |
== Changelog ==
|
48 |
|
|
|
|
|
|
|
|
|
49 |
= 2.0.0 =
|
50 |
* fixed PHP Warning: Illegal offset type in isset or empty https://wordpress.org/support/topic/limit-login-attempts-generating-php-errors
|
51 |
* fixed the deprecated functions issue
|
2 |
Contributors: wpchefgadget
|
3 |
Tags: login, security, authentication, Limit Login Attempts, Limit Login Attempts Reloaded, Limit Login Attempts Revamped, Limit Login Attempts Renovated, Limit Login Attempts Updated, Better Limit Login Attempts, Limit Login Attempts Renewed, Limit Login Attempts Upgraded
|
4 |
Requires at least: 2.8
|
5 |
+
Tested up to: 4.6
|
6 |
+
Stable tag: 2.1.0
|
7 |
|
8 |
Reloaded version of the original Limit Login Attempts plugin for Login Protection by a team of WordPress developers.
|
9 |
|
46 |
|
47 |
== Changelog ==
|
48 |
|
49 |
+
= 2.1.0 =
|
50 |
+
* The site connection settings are now applied automatically and therefore have been removed from the admin interface.
|
51 |
+
* Now compatible with PHP 5.2 to support some older WP installations.
|
52 |
+
|
53 |
= 2.0.0 =
|
54 |
* fixed PHP Warning: Illegal offset type in isset or empty https://wordpress.org/support/topic/limit-login-attempts-generating-php-errors
|
55 |
* fixed the deprecated functions issue
|
views/options-page.php
CHANGED
@@ -4,7 +4,7 @@ if( !defined( 'ABSPATH' ) )
|
|
4 |
exit();
|
5 |
|
6 |
/**
|
7 |
-
* @var $this
|
8 |
*/
|
9 |
|
10 |
if( !current_user_can( 'manage_options' ) ) {
|
@@ -68,26 +68,6 @@ $lockouts_now = is_array( $lockouts ) ? count( $lockouts ) : 0;
|
|
68 |
$cookies_yes = $this->get_option( 'cookies' ) ? ' checked ' : '';
|
69 |
$cookies_no = $this->get_option( 'cookies' ) ? '' : ' checked ';
|
70 |
|
71 |
-
$client_type = $this->get_option( 'client_type' );
|
72 |
-
$client_type_direct = $client_type == LLA_DIRECT_ADDR ? ' checked ' : '';
|
73 |
-
$client_type_proxy = $client_type == LLA_PROXY_ADDR ? ' checked ' : '';
|
74 |
-
|
75 |
-
$client_type_guess = $this->guess_proxy();
|
76 |
-
|
77 |
-
if( $client_type_guess == LLA_DIRECT_ADDR ) {
|
78 |
-
$client_type_message = sprintf( __( 'It appears the site is reached directly (from your IP: %s)', 'limit-login-attempts-reloaded' ), $this->get_address( LLA_DIRECT_ADDR ) );
|
79 |
-
} else {
|
80 |
-
$client_type_message = sprintf( __( 'It appears the site is reached through a proxy server (proxy IP: %s, your IP: %s)', 'limit-login-attempts-reloaded' ), $this->get_address( LLA_DIRECT_ADDR ), $this->get_address( LLA_PROXY_ADDR ) );
|
81 |
-
}
|
82 |
-
$client_type_message .= '<br />';
|
83 |
-
|
84 |
-
$client_type_warning = '';
|
85 |
-
if( $client_type != $client_type_guess ) {
|
86 |
-
$faq = 'https://wordpress.org/extend/plugins/limit-login-attempts-reloaded/faq/';
|
87 |
-
|
88 |
-
$client_type_warning = '<br /><br />' . sprintf( __( '<strong>Current setting appears to be invalid</strong>. Please make sure it is correct. Further information can be found <a href="%s" title="FAQ">here</a>', 'limit-login-attempts-reloaded' ), $faq );
|
89 |
-
}
|
90 |
-
|
91 |
$v = explode( ',', $this->get_option( 'lockout_notify' ) );
|
92 |
$log_checked = in_array( 'log', $v ) ? ' checked ' : '';
|
93 |
$email_checked = in_array( 'email', $v ) ? ' checked ' : '';
|
@@ -151,23 +131,6 @@ $email_checked = in_array( 'email', $v ) ? ' checked ' : '';
|
|
151 |
name="valid_duration"/> <?php echo __( 'hours until retries are reset', 'limit-login-attempts-reloaded' ); ?>
|
152 |
</td>
|
153 |
</tr>
|
154 |
-
<tr>
|
155 |
-
<th scope="row" valign="top"><?php echo __( 'Site connection', 'limit-login-attempts-reloaded' ); ?></th>
|
156 |
-
<td>
|
157 |
-
<?php echo $client_type_message; ?>
|
158 |
-
<label>
|
159 |
-
<input type="radio" name="client_type"
|
160 |
-
<?php echo $client_type_direct; ?> value="<?php echo LLA_DIRECT_ADDR; ?>"/>
|
161 |
-
<?php echo __( 'Direct connection', 'limit-login-attempts-reloaded' ); ?>
|
162 |
-
</label>
|
163 |
-
<label>
|
164 |
-
<input type="radio" name="client_type"
|
165 |
-
<?php echo $client_type_proxy; ?> value="<?php echo LLA_PROXY_ADDR; ?>"/>
|
166 |
-
<?php echo __( 'From behind a reversy proxy', 'limit-login-attempts-reloaded' ); ?>
|
167 |
-
</label>
|
168 |
-
<?php echo $client_type_warning; ?>
|
169 |
-
</td>
|
170 |
-
</tr>
|
171 |
<tr>
|
172 |
<th scope="row"
|
173 |
valign="top"><?php echo __( 'Handle cookie login', 'limit-login-attempts-reloaded' ); ?></th>
|
@@ -199,6 +162,7 @@ $email_checked = in_array( 'email', $v ) ? ' checked ' : '';
|
|
199 |
</form>
|
200 |
<?php
|
201 |
$log = get_option( 'limit_login_logged' );
|
|
|
202 |
if( is_array( $log ) && ! empty( $log ) ) { ?>
|
203 |
<h3><?php echo __( 'Lockout log', 'limit-login-attempts-reloaded' ); ?></h3>
|
204 |
<form action="<?php echo $this->get_options_page_uri(); ?>" method="post">
|
@@ -221,9 +185,17 @@ $email_checked = in_array( 'email', $v ) ? ' checked ' : '';
|
|
221 |
<?php foreach ( $log as $ip => $users ) : ?>
|
222 |
<?php foreach ( $users as $user_name => $info ) : ?>
|
223 |
<tr>
|
|
|
|
|
|
|
224 |
<td class="limit-login-date"><?php echo date_i18n( 'F d, Y H:i', $info['date'] ); ?></td>
|
225 |
<td class="limit-login-ip"><?php echo $ip; ?></td>
|
226 |
<td class="limit-login-max"><?php echo $user_name . ' (' . $info['counter'] .' lockouts)'; ?></td>
|
|
|
|
|
|
|
|
|
|
|
227 |
</tr>
|
228 |
<?php endforeach; ?>
|
229 |
<?php endforeach; ?>
|
4 |
exit();
|
5 |
|
6 |
/**
|
7 |
+
* @var $this Limit_Login_Attempts
|
8 |
*/
|
9 |
|
10 |
if( !current_user_can( 'manage_options' ) ) {
|
68 |
$cookies_yes = $this->get_option( 'cookies' ) ? ' checked ' : '';
|
69 |
$cookies_no = $this->get_option( 'cookies' ) ? '' : ' checked ';
|
70 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
71 |
$v = explode( ',', $this->get_option( 'lockout_notify' ) );
|
72 |
$log_checked = in_array( 'log', $v ) ? ' checked ' : '';
|
73 |
$email_checked = in_array( 'email', $v ) ? ' checked ' : '';
|
131 |
name="valid_duration"/> <?php echo __( 'hours until retries are reset', 'limit-login-attempts-reloaded' ); ?>
|
132 |
</td>
|
133 |
</tr>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
134 |
<tr>
|
135 |
<th scope="row"
|
136 |
valign="top"><?php echo __( 'Handle cookie login', 'limit-login-attempts-reloaded' ); ?></th>
|
162 |
</form>
|
163 |
<?php
|
164 |
$log = get_option( 'limit_login_logged' );
|
165 |
+
//echo '<pre>';print_r($log);exit();
|
166 |
if( is_array( $log ) && ! empty( $log ) ) { ?>
|
167 |
<h3><?php echo __( 'Lockout log', 'limit-login-attempts-reloaded' ); ?></h3>
|
168 |
<form action="<?php echo $this->get_options_page_uri(); ?>" method="post">
|
185 |
<?php foreach ( $log as $ip => $users ) : ?>
|
186 |
<?php foreach ( $users as $user_name => $info ) : ?>
|
187 |
<tr>
|
188 |
+
<?php
|
189 |
+
// For new plugin version
|
190 |
+
if( is_array( $info ) ) : ?>
|
191 |
<td class="limit-login-date"><?php echo date_i18n( 'F d, Y H:i', $info['date'] ); ?></td>
|
192 |
<td class="limit-login-ip"><?php echo $ip; ?></td>
|
193 |
<td class="limit-login-max"><?php echo $user_name . ' (' . $info['counter'] .' lockouts)'; ?></td>
|
194 |
+
<?php else : // For old plugin version ?>
|
195 |
+
<td class="limit-login-date"></td>
|
196 |
+
<td class="limit-login-ip"><?php echo $ip; ?></td>
|
197 |
+
<td class="limit-login-max"><?php echo $user_name . ' (' . $info .' lockouts)'; ?></td>
|
198 |
+
<?php endif; ?>
|
199 |
</tr>
|
200 |
<?php endforeach; ?>
|
201 |
<?php endforeach; ?>
|